#1
Hi. I am currently investigating how to set up an IPSec policy on a small network (single domain) of ~20 Windows 2003 and 2000 servers and ~10 Windows XP and 2000 workstations. Of the 20 servers, 5 of them are directly connected to other networks via a second NIC; the IP address ranges of these second network connections also vary.

If possible, can anyone advise how I can deploy a policy to enable IPSec on the internal domain traffic while still allowing these 5 servers to continue communicating to their second network in the clear? I'm comfortable with setting up IPSec; it's how to handle the two network issue I'm stuck on.

Thanks,
Stuart.
#2
Except for when you indicate the interface type (all, LAN, or remote), the IPsec engine doesn't care about interfaces -- it concerns itself only with IP addresses and any rules that match those addresses.

What kind of policies do you want on the internal domain?

--
Steve Riley
(E-Mail Removed)
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com

"Stuart" <newsgroups> wrote in message news:(E-Mail Removed)...
> Hi. I am currently investigating how to setup an IPSec policy on a small
> network (single domain) of ~20 windows 2003 and 2000 servers and ~10
> windows xp and 2000 workstations. Of the 20 servers 5 of them are
> directly connected to other networks via a second nic, the IP address
> ranges of these second network connections also vary.
>
> If possible can anyone advise how I can deploy a policy to enable IPSec on
> the internal domain traffic while still allowing these 5 servers to
> continue communicating to their second network in the clear ? I'm
> comfortable with setting up IPSec, it's how to handle the two network
> issue I'm stuck on.
>
> Thanks,
> Stuart.
#3
Instead of defining your rules as to/from My Address, define them using to/from IP of concern for the traffic type.

"Stuart" <newsgroups> wrote in message news:(E-Mail Removed)...
> Hi. I am currently investigating how to setup an IPSec policy on a small
> network (single domain) of ~20 windows 2003 and 2000 servers and ~10
> windows xp and 2000 workstations. Of the 20 servers 5 of them are
> directly connected to other networks via a second nic, the IP address
> ranges of these second network connections also vary.
>
> If possible can anyone advise how I can deploy a policy to enable IPSec on
> the internal domain traffic while still allowing these 5 servers to
> continue communicating to their second network in the clear ? I'm
> comfortable with setting up IPSec, it's how to handle the two network
> issue I'm stuck on.
>
> Thanks,
> Stuart.
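
The point made in both replies, as an added example that is not part of the original thread: a simplified Python model of address-based filter matching on a dual-homed server, comparing a My Address rule with a subnet-scoped rule. The 10.0.0.0/24 domain subnet, the 192.168.50.0/24 second network, the host addresses, the most-specific-filter-wins ordering as modelled here, and all function and policy names are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing (assumptions, not from the thread): the domain LAN is
# 10.0.0.0/24 and one dual-homed server has a second NIC on 192.168.50.0/24.
DUAL_HOMED = ["10.0.0.15", "192.168.50.2"]

# Each rule is (source, destination, action) and is treated as mirrored.
MY_ADDRESS_POLICY = [("me", "any", "negotiate")]
SUBNET_POLICY = [("10.0.0.0/24", "10.0.0.0/24", "negotiate")]
# Alternative: keep My Address but exempt the second network explicitly.
EXEMPT_POLICY = MY_ADDRESS_POLICY + [("me", "192.168.50.0/24", "permit")]

def expand(spec, host_addrs):
    """Resolve a filter endpoint to networks. "me" becomes every local
    address on every NIC, so the filter is blind to interfaces."""
    if spec == "me":
        return [ipaddress.ip_network(a + "/32") for a in host_addrs]
    if spec == "any":
        return [ipaddress.ip_network("0.0.0.0/0")]
    return [ipaddress.ip_network(spec)]

def action_for(local, remote, rules, host_addrs=DUAL_HOMED):
    """Action of the most specific filter covering this address pair,
    or "clear" when nothing matches (traffic is left alone)."""
    l, r = ipaddress.ip_address(local), ipaddress.ip_address(remote)
    best = None
    for src, dst, action in rules:
        for s in expand(src, host_addrs):
            for d in expand(dst, host_addrs):
                # Mirrored filter: the pair may match in either direction.
                if (l in s and r in d) or (l in d and r in s):
                    score = s.prefixlen + d.prefixlen
                    if best is None or score > best[0]:
                        best = (score, action)
    return best[1] if best else "clear"

if __name__ == "__main__":
    flows = [("10.0.0.15", "10.0.0.20"), ("192.168.50.2", "192.168.50.9")]
    for name, rules in [("My Address", MY_ADDRESS_POLICY),
                        ("Subnet", SUBNET_POLICY), ("Exempt", EXEMPT_POLICY)]:
        for local, remote in flows:
            print(name, local, "->", remote, action_for(local, remote, rules))
```

Because the subnet-scoped policy never mentions the second networks, the same policy can be assigned to every machine even though those ranges differ from server to server; the exemption variant needs a separate permit filter for each second network.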